Tax Scams – Part 2

Part two of the IRS “Dirty Dozen” series warns taxpayers of fraudulent schemes that come in the form of emails, text messages, social media, and phone calls. In these types of scams, dishonest people set out with the goal of tricking taxpayers into divulging sensitive information. Unfortunately, these cons may also include links that download malicious software that collects your data. In this article, we review tax-related phishing scams and what to watch for so that you do not fall victim to these scammers.

• EFIN & CAF Scams
  The IRS has seen an uptick in phishing scams involving Electronic Filing Identification Numbers (EFIN) and Centralized Authorization File (CAF) numbers. These scams have gone as far as offering to buy and sell these numbers. It has been reported that some of these scams have been received from the fictitious “IRS Tax E-Filing” account. It is crucial not to open any attachments or click any links. When in doubt, ask IT! And to take it a step further, any scams should be reported to the Treasury Inspector General for Tax Administration to keep the IRS aware of current scams.
• New Client Scams
  Another scam impacting tax professionals is receiving phishing emails claiming to be a new client needing immediate help. These emails typically include a sense of urgency and have attachments labeled as prior-year tax returns or IRS notices. Always be wary of emails from senders that you do not know, especially when considering opening attachments or clicking on links.

• Another scam that the IRS has seen on the rise is voice-related phishing, otherwise known as vishing. The IRS saw a 14% increase in vishing scams in 2020, and of those scams, 25% focused on fake tax liens. Tax-lien scams saw a 79% increase in 2020 vs. the previous year.  Any vishing attempt should be reported to the Treasury Inspector General for Tax Administration. Here are a couple of tips to avoid falling victim to vishing:
  • Generally, the IRS will always contact you first via mail about unpaid taxes—not by phone.
  • After the initial mail contact, the IRS may contact you via phone but never insist on payment over the phone—and never payment via gift cards, money order, or wire transfer.
  • The IRS will never send a text, email, or social media message requesting personal information.

Social media scams are especially prevalent in times of need—such as the recent COVID-19 pandemic. Con artists will sift through social media accounts to extract personal information to use against their targets. For example, sending you emails or messages posing as someone you may know and instantly gaining your trust. Commonly these messages will contain a link that appears to be something of interest to you but, in turn, contains malware or may be a link to a fake charity appealing to the current time of need and soliciting small donations. We recommend that our clients review their privacy settings on all social media platforms and limit the amount of information shared with the public. Remember any information that is publically shared can potentially be used against you.

By now, you have likely seen the recent news about ransomware attacks against several US companies. The US Treasury Financial Crimes Enforcement Network (FINCEN) has noted that ransomware attacks continue to rise across governmental entities as well as financial, educational, and healthcare institutions. Ransomeware attacks can not only result in the loss of sensitive or proprietary information, but they can also be very costly. Cybercriminals commonly use wide-scale phishing and targeted spear-phishing to coerce unknowing victims to download a malicious file or go to a malicious site. Additionally, with more people working remotely, attackers may also exploit remote desktop protocols. We’ve provided ways to protect your company in our Ransomware Blog.

Miss part one of this four-part series featuring the IRS “Dirty Dozen?” You can read it here! And come back next week for part three featuring tax-related scams involving fake charities, ghost prepares, and other schemes.